process the personal data of users who visit and use them. The policy concerns the procedures, timing and nature of the information that data controllers must give users when they connect to web pages, regardless of the purpose of the connection.

Place of data processing and authorized personnel

Data processing relating to the services on these websites takes place at the premises of the Internet service providers used to make and host the site and at the Data Controller’s premises.

Data is processed only by authorized personnel, including for any maintenance and administration of the processing systems.

Types of processed data

Navigation and technically essential data

During the course of normal operation, the computer systems and software procedures used to operate this website collect personal data, the transmission of which is an intrinsic part of using Internet communication protocols. Such information is not collected to be associated with identified parties, but could, by its very nature, make it possible to identify users when processed and associated with data held by third parties. This data category includes IP addresses or the domain names of the computers used by users who connect to the website, the Uniform Resource Identifier (URI) addresses of requested resources, the time of the request, the method used to place the request with the server, the size of the file obtained in reply, the numeric code indicating the status of the reply given by the server (successful, error, etc.) and other parameters relating to the operating system and to the user’s IT environment. This data is only used to obtain anonymous statistical data relating to use of the website and to check that it is operating correctly, and is immediately deleted after processing. The data could be used to determine responsibility in the event of hypothetical IT offenses against the website.

Data provided voluntarily by the user

Data relating to identified or identifiable persons may also be processed, on the basis of additional information submitted by the party concerned: for example, by filling in data collection forms; or through the optional, explicit and voluntary sending of e-mail to the addresses appearing on this site, involving the sender’s address subsequently being acquired, which is necessary to reply to requests, and any other personal data included in the communication.

E-commerce data

Profiling data

Profiling data regarding the interested party’s shopping habits or choices is not directly collected. It is still possible that this information may be collected by independent or separate parties through links or the inclusion of third-party elements. Refer to the Cookies section.

Cookies

Like other websites, this website saves cookies in the browser of the user’s computer to transmit personal information and to enhance the user experience. Cookies are small text files that are sent to the user’s terminal equipment (usually the browser) by visited websites, where they are stored, sometimes for a long time, to be then resent to the same websites on the user’s next visit.

As explained below, it is possible to choose to accept cookies or not and which cookies to accept, bearing in mind that refusing to use them may affect the ability to complete certain transactions on the website or the accuracy and suitability of certain customizable content or the ability to recognize the user from one visit to the next. Where no choice is made in this regard, the predefined settings will be applied and all cookies will be activated. However, relevant decisions may be notified or changed at any time.

In particular, “session” cookies are used, which are not stored permanently on the user’s computer and are deleted on closing the browser, use of which is strictly limited to the transmission of session identifiers (consisting of numbers randomly generated by the server), which are necessary to enable secure and efficient browsing of the site and which avoid the use of other IT techniques that would potentially jeopardize the confidentiality of users’ browsing and do not allow the collection of personal data that could identify the user. Analytics cookies are also used, which help understand how visitors interact with the site’s content, by collecting information (geographical and web location, technology used, language, landing page, pages visited, exit page, time spent on the site, etc.) and generating website usage statistics, without personally identifying individual visitors. All these are technical cookies, which, as consent is not required, operate on an opt-out basis. Technical cookies are not shared with third parties, as they are necessary or useful for the functioning of the site. They are therefore only processed by authorized qualified persons, data processors or system administrators.

Lastly, the site includes cookies from third parties (which are independent and for which the Data Controller has no responsibility), which also perform profiling functions.

Some people prefer not to allow cookies, which is why most browsers give you the ability to manage cookies to suit you. In some browsers you can set up rules to manage cookies on a site-by-site basis, giving you more fine-grained control over your privacy. What this means is that you can disallow cookies from all sites except those that you trust.

Another feature of some browsers is incognito browsing mode, meaning that any cookies created while in incognito mode are deleted after the browser is closed.

Refer to the following instructions for cookie management in the relevant browsers:

Purposes of processing, communication and disclosure of data

The personal data collected is only used to perform the requested services and is disclosed to third parties only when necessary for that purpose. Services include: browsing and simple use of the website and its content; registration and access to the restricted area; donations and payments; subscription to and receipt of the newsletter; recommendations; contact requests, etc.

Some services involve more detailed information.

In any case, no data derived from web services is disclosed or published without the prior approval of the party concerned.

Finally, please note that in some cases (not subject to ordinary management) the Public Authorities may also make requests for personal information, to which the Data Controller is obliged to respond.

Optional provision of data

Apart from what is required in terms of navigation and technically essential data, the user is free to provide personal data for specific requests regarding products and/or services. Without certain essential data it may be impossible to fulfill the request.

Legal basis. Management of approval for processing

When necessary, apart from cases in which the legitimate interests of both the Data Controller and third parties apply, and, in any case, after having read the policy, the interested party is required to consent to the processing and disclosure of their personal data for the purposes and within the limits described; failure to do so would prevent the Data Controller from processing the data in order to perform and provide the services requested by the interested party.

Details for specific services

Join Us

The required data is provided freely by the party concerned: some data (Name, Surname, Date of birth, Gender, Address, Telephone, E-mail) is essential; other data is optional. Consent to data processing is required for membership purposes and activities, which, on first registration, also includes receiving the newsletter (see the specific paragraph) for promotional and commercial communications, from which it is possible subsequently to unsubscribe. The payment system provides for the disclosure of some data to the bank providing the service.

Donate

The required data is provided freely by the party concerned: some data (Name, Surname, E-mail) is essential; other data is optional (Country, Notes, Slow Food Member, Projects of interest, etc.). Consent to processing is required for purposes connected to donation (accounting records, etc.), which also includes, if selected, receiving the newsletter (see the specific paragraph) for promotional and commercial communications, from which it is possible subsequently to unsubscribe. Consent is required to publish the interested party’s details on the official list of donors. The payment system provides for the disclosure of some data to the bank providing the service.

Newsletter

E-mail contacts used to send out the periodic newsletter come from voluntary subscriptions on the part of the recipient, from whom confirmation is always requested, as well as from information collected during the sale of goods or services of the Data Controller or similar for legitimate interests. The newsletter involves sending information, communications, including of a commercial or promotional nature, and material. Please note that contacts are not obtained from public lists of subscribers. Where communications are not of interest to the recipient, any further communications from specific sources can be stopped by clicking the unsubscribe link contained in each message from that source, or further contact can be stopped by writing to the contact provided, exercising the right to unsubscribe from the newsletter.

Product recommendation (Ark of Taste and Presidia)

The required data is provided freely by the party concerned: some data (Name, Telephone, E-mail) is essential; other data is optional. Consent to processing is required in order to submit the recommendation, which also includes receiving the newsletter (see the specific paragraph) for promotional and commercial communications, from which it is possible subsequently to unsubscribe.

The required data is provided freely by the interested party: some data (Name, Telephone, E-mail) is essential; other data is optional. Consent to processing is required in order to allow publication, which also includes receiving the newsletter (see the specific paragraph) for promotional and commercial communications, from which it is possible subsequently to unsubscribe.

Leader Area

This is a restricted area that is accessible only after prior authentication, exclusively for use by authorized and appointed persons. Unauthorized access to this area or remaining in it will be prosecuted (Article 615b of the Penal Code) and constitute an administrative liability offense on the part of the body (Article 24a of Legislative Decree No. 231/2001) for which the offender works. Authorized users acknowledge that, in this area, technical cookies (session, security, navigation cookies, etc.) are used in the user’s browser, which cannot be refused in order for the site to work correctly. The primarily automated processing of user data (authentication credentials, access and attempted access logs, operation logs, etc.) falls within the scope of the Data Controller’s IT system management and is regulated and described in detail in the internal IT procedures. Data is stored temporarily, is not disclosed and may be accessed, when necessary, by technical personnel (developers and system administrators), unless necessary for other legitimate purposes as laid down by the Personal Data Protection Code. Information (text, video and images) that the user uploads to the restricted area is protected by encryption and authentication systems and can be accessed only by authorized users, or by parties with a direct interest and/or intermediaries involved. This information is not disclosed. Processing methods

Personal data processing, understood as the collection, recording, organization, storage, processing, modification, deletion and destruction or the combination of two or more of these operations, takes place using manual, computerized and online tools, as well as in an automated manner, using methods strictly related to the stated purposes and, in any case, in such a way as to ensure security and confidentiality and for the time strictly necessary to achieve the purposes for which it has been collected.

Data is processed legally and accurately, is collected and recorded for specified, explicit and legitimate purposes, is accurate and, if necessary, updated, relevant, complete and not excessive with regard to the purposes of processing, in compliance with basic security measures and the rights and fundamental freedoms and the dignity of the party concerned, particularly with regard to confidentiality and personal identity.

Specific security measures are in place to prevent loss of data, illegal or improper use and unauthorized access.

Data are held until the legal prescription for the establishment of claims or defences expires, after the purpose (purpose of processing) for which the data were collected has been fulfilled. Personal data will not be transferred to recipients in a third country or to international organizations outside of the European Union (EU) or the European Economic Area (EEA).

Rights of interested parties

At any time the interested party may: exercise his/her rights (of access, to rectification, to erasure, to restriction of processing, to data portability, to object, to not be subject to automated decision making) when stipulated by law in interactions with the Data Controller, pursuant to Articles 15-22 of the GDPR; lodge a complaint with the Data Protection Authority (www.garanteprivacy.it); and, where data processing is based on consent, revoke consent, taking into account the fact that such a revocation will not affect the lawfulness of consent-based data processing that occured before consent was revoked.

Applicable law

Personal data processing is covered by European and Italian legislation, in particular Regulation (EU) 2016/679 and Legislative Decree No. 196 of 30 June 2003, as subsequently amended and supplemented, as well as provisions of the Data Protection Authority. Contact